Enabling A More Secure World


RISK MANAGEMENT 





THE CHALLENGE »


For the last decade, the public and private sectors have 
faced increasing complications managing complex and 
dispersed international supply chains. The issues 
confronted are extensive: physical and cybersecurity 
vulnerabilities, trade and customs compliance, the 
threat of malign foreign influence, and supply chain 
resiliency are only a handful of the many challenges 
within the global supply chain. There are multiple 
stakeholders, including government, regulators, 
companies, and their sub-tier subcontractors and 
suppliers across all geographies. Navigating this
environment requires a holistic and integrated approach
to supply chain security.


APPROACH » 


Offering unparalleled insights into Client supply chains, 
and using our SAFETY Act designated risk management 
methodology, we help Clients assess, mitigate, and monitor 
supply chain risk in today’s dynamic environment. Through 
our network of providers, our Supply Chain Risk 
Management process addresses challenges at all nodes of 
our Clients’ supply chains. 


CHERTOFF GROUP SUPPLY CHAIN SOLUTIONS 


UPSTREAM
» Supply Chain Mapping
» Supplier Due Diligence
» Foreign Influence Mitigation
» Supply Chain Resiliency

UPSTREAM
» Software Supply Chain Audits
» Source Code Validation/Testing
» Software Supply Chain Remediation
MIDSTREAM
» Supply Chain Physical Risk Assessments
» Customs and Trade Compliance Support
» Periodic Supply Chain Audits
» Pandemic Supply Mitigation

DOWNSTREAM
» USG Regulatory Intelligence
» CFIUS Mitigation
» Intelligence Monitoring
» Business Continuity Solutions


» Target Operating Model Development 
PAST PERFORMANCE: THE CHERTOFF GROUP VALUE ADD





SECURING AN OEM’S SUPPLY CHAIN IN A HIGH-THREAT ENVIRONMENT »

Challenge: Drug trafficking organizations targeted a large
multinational OEM, subverting its supply chain, and
exploiting the company’s lawful access to expedited
customs screening programs. In addition to dangerous
contraband discovered in its products, the company faces
regulatory scrutiny and potential removal from a
foundational U.S. supply chain security partnership (C-TPAT).

TCG Value Add: We immediately deployed a team of
supply chain security experts to Client sites worldwide
to identify potential vulnerabilities and recommend best
practices. Simultaneously, we augmented the company's
manufacturing and security teams to craft tactical,
strategic, and operational programmatic measures - and
advised on how to communicate these improvements
appropriately to government officials.

Outcome: The OEM regained the highest possible
standing and associated Customs tier-rating. With TCG’s
help, the company developed a consistent approach
for navigating supply chain security related incidents,
government audits, and continuous improvement.

UNCOVERING REPUTATIONAL RISK IN EASTERN EUROPE FOR A
MULTINATIONAL MANUFACTURER »

Challenge: A Fortune 500 U.S. Manufacturer was seeking
an expanded supplier relationship with several firms
based in former Soviet Union countries. Given the
opaque operating environment, the Client lacked key
information to make an informed business decision. In
particular, the Client was concerned with Foreign
Corrupt Practices Act compliance, potential exposure
to individuals sanctioned by the U.S. Treasury Office of
Foreign Assets Control (OFAC), and broader political
or reputational risk.

TCG Value Add: TCG conducted several sensitive
due diligence investigations leveraging open source
intelligence in multiple languages, alongside deep/dark
web and social media research, to orient discreet local
source inquiries on the ground in the relevant countries.
We leveraged our experience in intelligence collection
and analysis to provide actionable intelligence to help
guide the Client. Given the opacity of the operating
environment and target market, our first-person source
inquiries generated unique insights simply not available
in any online database or filing.

Outcome: Armed with our intelligence, the Client was able
to make a key risk-based decision around its expansion
plans in Eastern Europe. With actionable, contextualized
insights it was able to consider multiple courses
of action designed to limit exposure while still
accomplishing its main business objectives.

MANAGING SUPPLIER RISK FOR A GLOBAL SOFTWARE DEVELOPER »

Challenge: Given expanding U.S. Government (USG)
initiatives regarding supply chain security, a major
software company with development and testing
activities in countries of concern faced increased
scrutiny. TCG was engaged to assess the scope and nature of
the risk and baseline the company’s security program.

TCG Value Add: TCG conducted a national security risk
review to understand the root cause of USG supply chain
concerns. While our team of former government officials
analyzed and interpreted USG policies and actions, we
also undertook an independent review of the product
supply chain, leveraging NIST’s Secure Software
Development Framework (SSDF). In parallel, our team
conducted due diligence, deep/dark web analysis, and background
investigations to further assess the company’s country
risk profile.

Outcome: TCG analysis generated a set of prioritized
C-Suite-level governance and technical mitigation
options to address key USG concerns and reinvigorate
its federal business. In addition, TCG produced a report
that summarized security review findings and peer
benchmarking.


CORE CAPABILITIES

ASSESS | MITIGATE | MONITOR

Supply Chain Mapping and Illumination: Through exclusive access to a proprietary database of 340M business
entities located in 220 countries, TCG can map an entire supply chain or discrete product line

Supplier Due Diligence: TCG, through a network of partners, is well-positioned to conduct international due diligence,
including on-the-ground inquiries in most countries

Supply Chain Physical Risk Assessments: TCG practitioners are experienced in conducting on-the-ground
physical risk assessments, and are able to identify threats and vulnerabilities associated with specific
nodes of a company’s supply chain

USG Agency/Regulatory Intelligence: Based on its personnel’s extensive government experience and expertise,
TCG is able to provide tangible and actionable insights into U.S. Government strategy and evolving regulatory
dynamics

Software Security Risk Review: TCG can leverage authoritative frameworks (e.g., NIST Secure Software
Development Framework) to evaluate development practices, maturity levels, and national security risks

Software Lifecycle Solutions Design: TCG develops target operating models to enhance code development
hygiene, address software supply chain opacity, and mitigate risks associated with high-risk geographies

Code Testing and Validation: To promote security transparency and durability, TCG designs and implements
internal and third party risk-based testing regimes

Foreign Influence Risk Mitigation: By achieving an understanding of company structures and with visibility into Client
supply chains, TCG can assist companies in strategies that limit foreign influence and counter infiltration of
key supply chain nodes

Resiliency and Single Points of Failure Risk Mitigation: By identifying concentrated or overleveraged supply
chains, TCG helps companies build supply chain resiliency in the event there is a major disruption

Pandemic Supply Chain Mitigation: Drawing on subject matter experts in the health field, TCG can guide
companies proactively or retroactively in managing their pandemic response plans, with associated supply
chain adjustments

Customs and Trade Compliance Support: Leveraging its deep Customs and Border Protection expertise, TCG
helps companies manage trade and customs challenges, including legitimate supply chain exploitation by
criminal groups and narcotrafficking organizations

CFIUS Mitigation: TCG’s team of former high-level security officials have a deeply rooted knowledge of the
Committee on Foreign Investment into the United States (CFIUS), and have guided multiple companies
through CFIUS approvals and mitigation processes

Periodic Supply Chain Audits and Revalidations: TCG provides ongoing support to benchmark performance and
prepares for recurring audits or revalidations, either internal or by the government

Continuous All-Source Intelligence Monitoring: TCG leverages open source, deep/dark web, and human
intelligence sources to constantly monitor evolving risks in Client supply chains

Establishment of Metrics and Protocols: To ensure the long-term viability of supply chain security programs,
TCG works with Clients on the establishment of metrics that ensure ongoing effectiveness

Supply Chain Solutions for Business Continuity: TCG helps craft and review business continuity plans through
the lens of supply chain security, ensuring all physical and cyber risks are managed appropriately


ABOUT THE CHERTOFF GROUP »

The Chertoff Group is a premier security advisory firm
established in 2009 by former United States Department
of Homeland Security Secretary Michael Chertoff. TCG’s
executives have built security and intelligence programs
for multiple federal and private sector clients and
conducted dozens of comprehensive risk assessments.
Over nearly a decade, the Chertoff Group has also
accrued substantial private sector experience in security
risk management and intelligence support for Fortune
500, multinational companies, and government entities.


1399 NEW YORK AVENUE NW | SUITE 1100 | WASHINGTON, DC 20005 | 202.552.5280 | CHERTOFFGROUP.COM 





